Access control for jobs

2 minute readAutomation

When a job executes, it usually needs to access objects in CloudBees CD/RO. For example, a job step command may refer to a parameter value, which is a property associated with the job object, or a step may invoke ectool to modify properties or any other CloudBees CD/RO state. This process leads to questions:

Under which username does the job execute?

Procedures always run under the project principal user ID for the project that contains the procedure. If a procedure invokes a subprocedure in another project, that subprocedure will run under its own project’s project principal and the project principal of its calling procedure. When a procedure is running under multiple project principals, its steps will perform any operations for which any one of its project principals allow.

How does CloudBees CD/RO initialize job permissions when the job starts?

This question pertains to job object permissions. When a job starts, CloudBees CD/RO sets full access control entries on the job for the project principal and the user who launched the job—assuming the job was launched by a user and not a schedule.

What permissions are needed to abort a job?

Aborting a job requires execute permission on the job. If a job is launched by a user, that user is given all privileges on the job. If a job is launched by a schedule, the schedule’s execute privileges are copied to the job.

The access control system determines whether jobs can be executed or not.

  • For a user to run a job without creating a schedule, the user must have execute permission on the top-level procedure being executed.

  • To create a schedule to run a procedure, a user must have modify permission for the project containing the schedule. After a schedule is created, no additional permissions are required to start jobs under the auspices of that schedule.